- <?
// Bootstrap, in order: load configuration, open the database link, then
// process a login form submission if one was posted with this request.
// NOTE(review): the file opens with the short tag `<?`, which is only parsed
// when short_open_tag is enabled; with it off this source is served as text.
include 'config.php';
DbConnect();
LoggingIn();

// Both flags are read from the global scope; where they are assigned is not
// visible here (presumably config.php or the including page - confirm).
global $requiresLogIn, $pageAccess;

if ($requiresLogIn == 1) {
    // Protected page: resolve the logged-in user row for the required level.
    global $user;
    $user = IsLogged($pageAccess);
}
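/**
 * Gate a page on a valid login session and the required access level.
 *
 * Looks the `ms_session` cookie up in `ms_users` and checks, in order, that
 * the session exists, that it has not been idle for longer than
 * $settings['inactive'] minutes, that the client IP equals the one stored at
 * login, and that the row's `user_type` is one of the accepted levels. On
 * success `lastactive` is refreshed and the row is returned.
 *
 * Every failure sends a redirect to index.php and then stops the script.
 * Without the exit, the Location header is only advisory: the protected page
 * keeps executing and its output is still sent to a client that ignores the
 * redirect.
 *
 * NOTE(review): LoggingIn() treats user_type 0 as banned, while the default
 * $pageAccess of 0 admits only user_type 0 - confirm the default is intended.
 *
 * @param int|string $pageAccess Required user_type, or a comma-separated list of accepted types.
 * @return array The matching ms_users row.
 */
function IsLogged($pageAccess=0)
{
    global $settings;

    // A cookie sent as ms_session[]=... arrives as an array; treat it as absent.
    $cookie = isset($_COOKIE['ms_session']) ? $_COOKIE['ms_session'] : null;
    $session = is_string($cookie) ? SanitizeString($cookie) : '';

    // An empty token must never reach the lookup: it would be compared
    // against rows whose `session` column is blank.
    if (!is_string($session) || $session === '') {
        header("Location: index.php?msg=Please Login");
        exit;
    }

    // SanitizeString() leaves only [a-zA-Z0-9_-]; that filter is the only
    // thing keeping this concatenated query safe, since the mysql_* API has
    // no placeholders.
    $result = mysql_query('select * from ms_users where `session` = "'.$session.'"');
    if (!$result || mysql_num_rows($result) == 0) {
        header("Location: index.php?msg=Please Login");
        exit;
    }

    $row = mysql_fetch_assoc($result);
    mysql_free_result($result);

    // Idle timeout: $settings['inactive'] is expressed in minutes.
    if (time() >= ($row['lastactive'] + ($settings['inactive'] * 60))) {
        header("Location: index.php?msg=Session expired");
        exit;
    }

    // The session is bound to the IP recorded at login.
    if ($_SERVER['REMOTE_ADDR'] !== $row['user_ip']) {
        header("Location: index.php?msg=IP changed");
        exit;
    }

    // One code path for "3" and "1,2,3". Levels are compared as strings:
    // a loose comparison lets a non-numeric user_type equal 0 on PHP < 8.
    $allowed = array();
    foreach (explode(',', (string) $pageAccess) as $level) {
        $level = trim($level);
        if ($level !== '') {
            $allowed[] = $level;
        }
    }
    if (!in_array((string) $row['user_type'], $allowed, true)) {
        header("Location: index.php?msg=No access");
        exit;
    }

    mysql_query("UPDATE `ms_users` SET `lastactive` = '".time()."' WHERE `session` = '".$session."'");
    return $row;
}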
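# Attempting to login?
/**
 * Process a login form submission, if this request carries one.
 *
 * Does nothing unless both `Login` and `username` were posted. Validation
 * errors are echoed (without the leading "<br>"). On a successful match the
 * function issues a new session token, stores it with the client IP and the
 * current time in `ms_users`, sets the `ms_session` cookie and redirects to
 * main.php; a matching account with user_type 0 is redirected as banned.
 *
 * Changes from the earlier version of this function:
 *  - the script stops after each redirect, so code that runs later in the
 *    request cannot replace the Location header or keep rendering;
 *  - the session token comes from a CSPRNG when the runtime has one, instead
 *    of md5 over the client IP, a rand() value and the password hash;
 *  - the cookie is HttpOnly, and Secure when the request arrived over HTTPS;
 *  - non-string `username` / `password` fields (e.g. username[]=x) are
 *    rejected instead of being passed to the hashing and filtering helpers.
 *
 * @return void
 */
function LoggingIn()
{
    if (!isset($_POST['Login']) || !isset($_POST['username'])) {
        return; // No login attempt in this request.
    }

    $error = '';

    if (!isset($_POST['password'])) {
        $error .= "<br>No password entered";
    } elseif (!is_string($_POST['username']) || !is_string($_POST['password'])) {
        $error .= '<br>Invalid login';
    } elseif ($_POST['username'] === 'User Name') {
        // The form's placeholder text was submitted unchanged.
        $error .= "<br>Please enter a username...";
    } elseif ($_POST['password'] === 'Password') {
        $error .= "<br>Please enter a password...";
    } else {
        $user = SanitizeString($_POST['username']);
        $pass = myPass($_POST['password']);

        // $user is reduced to [a-zA-Z0-9_-] by SanitizeString() and $pass is a
        // hex digest, which is what keeps the concatenated queries below safe.
        $sql = 'select `username`,`password`,`user_type` from ms_users where `username` = "'.$user.'" and `password` = "'.$pass.'"';
        $result = mysql_query($sql);

        if (!$result || mysql_num_rows($result) == 0) {
            $error .= '<br>Invalid login';
        } else {
            $row = mysql_fetch_assoc($result);
            mysql_free_result($result);

            if ($row['user_type'] == 0) {
                header("Location: index.php?msg=Banned");
                exit;
            }

            // 16 random bytes as 32 hex characters: the same length and
            // alphabet as the md5 string used before.
            if (function_exists('random_bytes')) {
                $session = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $session = bin2hex(openssl_random_pseudo_bytes(16));
            } else {
                // No CSPRNG in this runtime: keep the legacy derivation
                // rather than fail the login.
                $session = md5($_SERVER['REMOTE_ADDR'] . rand(0,9999999) . $pass);
            }

            // Empty path/domain keep PHP's defaults; only the flags change.
            $overHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie("ms_session", $session, 0, '', '', $overHttps, true);

            $sql = "UPDATE `ms_users` SET `session` = '".$session."',`user_ip` = '".$_SERVER['REMOTE_ADDR']."', `lastactive` = '".time()."' WHERE `username` = '".$user."'";
            mysql_query($sql);

            header("Location: main.php");
            exit;
        }
    }

    // Every message starts with "<br>"; drop that prefix when printing.
    if (strlen($error) > 3) {
        echo substr($error, 4);
    }
}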
# Password
/**
 * Derive the stored password value for a plaintext password.
 *
 * The result is the first 29 hex characters of md5(md5($str) . salt), with
 * the salt read from the global $pw['salt'], so one salt is shared by every
 * account.
 *
 * NOTE(review): md5 is a fast digest, not a password-hashing function.
 * Changing the scheme (e.g. to password_hash()) would need the stored values
 * re-hashed on next login, so this block keeps the existing output.
 *
 * @param string $str Plaintext password.
 * @return string 29-character lowercase hex string.
 */
function myPass($str)
{
    global $pw;

    $inner  = md5($str);
    $salted = md5($inner . $pw['salt']);

    return substr($salted, 0, 29);
}
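# Filtering
/**
 * Reduce a value to the characters a-z, A-Z, 0-9, underscore and hyphen.
 *
 * Callers concatenate the result into SQL strings, so the return value must
 * always be a plain string. Request fields can arrive as arrays
 * (e.g. ms_session[]=x); preg_replace() would hand an array back for those,
 * so any non-scalar input yields an empty string instead.
 *
 * @param mixed $str Value to filter.
 * @return string The filtered string; empty for non-scalar input or on a PCRE error.
 */
function SanitizeString($str)
{
    if (!is_scalar($str)) {
        return '';
    }

    $clean = preg_replace('/[^a-zA-Z0-9_-]/', '', (string) $str);

    // preg_replace() returns null on failure; never pass that on to callers.
    return $clean === null ? '' : $clean;
}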
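# Skin
/**
 * Include the skin fragment skin/<item>.txt, or print a notice if it is missing.
 *
 * The fragment is pulled in with include, so any PHP inside it is executed.
 * The callers are not visible from this function; in case $item is ever
 * derived from request data, names containing ".." or a NUL byte are refused
 * so the path stays inside skin/, and the name is HTML-escaped before it is
 * echoed in the notice.
 *
 * @param string $item Skin item name, without directory prefix or extension.
 * @return void
 */
function skinItem($item)
{
    $name = is_scalar($item) ? (string) $item : '';

    $leavesSkinDir = strpos($name, '..') !== false || strpos($name, "\0") !== false;
    $path = 'skin/' . $name . '.txt';

    if (!$leavesSkinDir && file_exists($path)) {
        include($path);
    } else {
        echo 'Unable to access item: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    }
}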
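# MySql Database
/**
 * Open the MySQL connection described by the global $db array and select
 * its database. The link is stored in the global $link.
 *
 * On failure the visitor is redirected to error.php (code 0: connect failed,
 * code 1: database selection failed) and the script stops. Without the exit
 * the request would carry on and run its queries without a usable
 * connection.
 *
 * @return void
 */
function DbConnect()
{
    global $db;
    global $link;

    $link = mysql_connect($db['server'], $db['user'], $db['pass']);
    if (!$link) {
        header("Location: error.php?code=0");
        exit;
    }

    if (!mysql_select_db($db['name'])) {
        header("Location: error.php?code=1");
        exit;
    }
}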
/**
 * Close the MySQL connection held in the global $link.
 *
 * @return void
 */
function DbClose()
{
    global $link;

    // The result of mysql_close() is not inspected.
    mysql_close($link);
}
# Time
/**
 * Describe how long ago a Unix timestamp was, in the largest fitting unit.
 *
 * Seconds are reported as-is; each larger unit is obtained by dividing the
 * previous, already rounded, figure. Labels are always plural and carry a
 * trailing space ("1 minutes ", "2 weeks ").
 *
 * @param int $timestamp Unix timestamp to compare with the current time.
 * @return string Amount and unit, e.g. "10 minutes ".
 */
function time_diff_simple($timestamp)
{
    $elapsed = time() - $timestamp;
    if ($elapsed < 60) {
        return $elapsed . " seconds ";
    }

    // divisor to reach this unit, first value too large for it, label
    $units = array(
        array(60, 60, " minutes "),
        array(60, 24, " hours "),
        array(24, 7, " days "),
    );

    foreach ($units as $unit) {
        list($divisor, $limit, $label) = $unit;
        $elapsed = round($elapsed / $divisor);
        if ($elapsed < $limit) {
            return $elapsed . $label;
        }
    }

    // Seven days or more: report whole weeks.
    return round($elapsed / 7) . " weeks ";
}
- ?>